• Status: Solved

Preventing user from connecting other than through VPN

I have a Virtual Machine (VM) with a VPN connection. I double-click the icon on the desktop to connect. After that I go out under the VPN's IP. When I am not connected I go out under my IP (Verizon DSL).

What I want is to prevent the ability to go out to the internet from this VM except under VPN. That is, if someone forgets to "dial in" and tries to open IE or another application, he gets an error.

"other application" = "any program accessing the Internet". ICQ, FTP client, whatever.
0
Asked by: SergiyK
1 Solution
 
Rob Williams Commented:
One option: statically assigning the remote VPN site's local DNS server as the only DNS server, in the TCP/IP DNS properties of the connecting VM, will restrict access, unless they try to do so by IP. If you do so, your VPN will have to connect by IP or have a manual entry in the Hosts file for the domain name to which it is connecting, since it will not be able to resolve DNS names until the VPN is connected.
0
 
SergiyK (Author) Commented:
I do not know what the remote site's DNS server is. How do I find out?
0
 
Rob Williams Commented:
That is a good question :-)  Usually you would have some involvement in the management of the remote site and know that. Can you contact someone at that site and ask them at a command line to run   ipconfig  /all  ? This will return its DNS configuration. If not, let us know what type of VPN connection you have or client you are using and you may be able to retrieve it. You may already have it on the local machine. You could run ipconfig  /all on the local machine while the VPN is connected, and check next to DNS for an IP starting with 192.168.x.x, 10.x.x.x or 172.16-31.x.x. Then make sure it is not part of your local network.
You could also try, while connected to the VPN, using    nslookup  RemoteDomainName.abc  if you know the domain name.
0
 
SergiyK (Author) Commented:
I am using a regular VPN :) I set it up like this:


New Connection ->
Connect ... at workplace -->
V.P.N. ->
Company name = *** -->
Do not dial initial connection -->
IP = **.**.***.***

Then I hit connect, enter user name and password and I am there.

Ipconfig did not really work...

C:\Documents and Settings>ipconfig
Windows IP Configuration
An internal error occurred: Incorrect function.
Please contact Microsoft Product Support Services for further help.
Additional information: Unknown media status code.
0
 
SergiyK (Author) Commented:
Ok, Ipconfig worked now:


Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : *****.******.com
        IP Address. . . . . . . . . . . . : 192.168.*.**
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.*.*

PPP adapter Bagalya:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.*.***
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.*.***
0
 
Rob Williams Commented:
You need to use:   ipconfig /all    to get the DNS servers. But it may not help. The one you want should be displayed under the PPP adapter's configuration.

Do you have a domain at your end, or might *****.******.com be the domain name at the remote end? If so, try, when the VPN is connected, entering:
nslookup   *****.******.com
and it should return the IP of the remote DNS server.
0
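An added example, not part of the original thread: a small Python parser for the check described in the answers above, which reads `ipconfig /all` text captured while the VPN is connected and returns the DNS servers listed under the PPP adapter that fall in the private ranges and are not on the local LAN subnet. It assumes the XP-style field labels seen in the output pasted in this thread; the adapter name "Office VPN" and all addresses are constructed.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (XP-style labels, made-up addresses).
SAMPLE = """\
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.1.47
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        DNS Servers . . . . . . . . . . . : 192.168.1.1

PPP adapter Office VPN:
        IP Address. . . . . . . . . . . . : 10.20.0.113
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        DNS Servers . . . . . . . . . . . : 10.20.0.5
                                            10.20.0.6
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD = re.compile(r"^\s+([A-Za-z][^:]*?)[ .]*:\s*(.*)$")

def parse_adapters(text):
    """Map each adapter header to {field label: [values]} (IPv4 output only)."""
    adapters, current, last = {}, None, None
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        if not line[0].isspace():  # unindented: adapter header (ends with ":") or banner
            is_header = line.rstrip().endswith(":")
            current, last = (adapters.setdefault(line.rstrip(": "), {}) if is_header else None), None
        elif current is not None:
            m = FIELD.match(line)
            if m:
                last = current.setdefault(m.group(1), [])
                last.extend([m.group(2).strip()] if m.group(2).strip() else [])
            elif last is not None:  # continuation line, e.g. a second DNS server
                last.append(line.strip())
    return adapters

def vpn_dns_candidates(text):
    """DNS servers under PPP adapters that are private and not on a local LAN subnet."""
    adapters = parse_adapters(text)
    lans = [ipaddress.ip_network(f"{cfg['IP Address'][0]}/{cfg['Subnet Mask'][0]}", strict=False)
            for name, cfg in adapters.items()
            if not name.startswith("PPP adapter") and cfg.get("IP Address") and cfg.get("Subnet Mask")]
    found = []
    for name, cfg in adapters.items():
        if name.startswith("PPP adapter"):
            for server in cfg.get("DNS Servers", []):
                ip = ipaddress.ip_address(server)
                if any(ip in n for n in RFC1918) and not any(ip in n for n in lans):
                    found.append(server)
    return found
```

An empty result means the PPP adapter lists no DNS server of its own, or only ones on the local network, so the router is still doing the resolving and the static-DNS approach has nothing to point at yet.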
 
SergiyK (Author) Commented:
C:\Documents and Settings>nslookup myhome.westell.com
Server:  dslrouter
Address:  192.168.1.1

Name:    myhome.westell.com
---

This is my router's IP address...

By the way, can I set up the router for this VM so that traffic of this particular VM can go only from one IP (VPN)?

0
 
Rob Williams Commented:
>>"can I set up the router for this VM so that traffic of this particular VM can go only from one IP (VPN)?"
Not familiar with your modem/router, but as a rule on simple units like the Westells, you can control what IPs are allowed outgoing connections, but not where they go. Where the VPN is a virtual connection I doubt you can block it in that way.

>>"Server:  dslrouter"
As mentioned, that is the router. You need the corporate DNS server's IP.
Do you know the name of any computers or servers at the corporate site, even if by checking drive mappings? If so, using nslookup as suggested earlier should return the computer's IP but also the IP of the DNS server that resolved the name. This of course has to be done while the VPN is connected.
nslookup  RemoteDomainName.abc  
0
